[openssh-commits] [openssh] 04/10: upstream: preserve quoting of Subsystem commands and arguments.

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Sep 8 15:59:34 AEST 2023 

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit e19069c9fac4c111d6496b19c7f7db43b4f07b4f
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Sep 6 23:23:53 2023 +0000

    upstream: preserve quoting of Subsystem commands and arguments.
    
    This may change behaviour of exotic configurations, but the most common
    subsystem configuration (sftp-server) is unlikely to be affected.
    
    OpenBSD-Commit-ID: 8ffa296aeca981de5b0945242ce75aa6dee479bf
---
 servconf.c | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/servconf.c b/servconf.c
index a3779a9d..91449d54 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.398 2023/09/06 23:21:36 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.399 2023/09/06 23:23:53 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -1960,21 +1960,19 @@ process_server_config_line_depth(ServerOptions *options, char *line,
 		}
 		options->subsystem_name[options->num_subsystems] = xstrdup(arg);
 		arg = argv_next(&ac, &av);
-		if (!arg || *arg == '\0')
+		if (!arg || *arg == '\0') {
 			fatal("%s line %d: Missing subsystem command.",
 			    filename, linenum);
-		options->subsystem_command[options->num_subsystems] = xstrdup(arg);
-
+		}
+		options->subsystem_command[options->num_subsystems] =
+		    xstrdup(arg);
 		/* Collect arguments (separate to executable) */
-		p = xstrdup(arg);
-		len = strlen(p) + 1;
-		while ((arg = argv_next(&ac, &av)) != NULL) {
-			len += 1 + strlen(arg);
-			p = xreallocarray(p, 1, len);
-			strlcat(p, " ", len);
-			strlcat(p, arg, len);
-		}
-		options->subsystem_args[options->num_subsystems] = p;
+		arg = argv_assemble(1, &arg); /* quote command correctly */
+		arg2 = argv_assemble(ac, av); /* rest of command */
+		xasprintf(&options->subsystem_args[options->num_subsystems],
+		    "%s %s", arg, arg2);
+		free(arg2);
+		argv_consume(&ac);
 		options->num_subsystems++;
 		break;
 

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list